from the nothing-to-hide dept

As Techdirt readers know, one of the final sticking points of the TPP negotiations was the issue of data exclusivity for the class of drugs known as biologics. We've pointed out that the very idea of giving any monopoly on what amounts to facts is fundamentally anti-science, but that's a rather abstract way of looking at it. A recent case in Canada makes plain what data exclusivity means in practice. As reported by CBC News, it concerns unpublished clinical trial data about a popular morning sickness drug:

Dr. Navindra Persaud has been fighting for four years to get access to thousands of pages of drug industry documents being held by Health Canada.

He finally received the material a few weeks ago, but now he's being prevented from revealing what he has discovered.

That's because Health Canada required him to sign a confidentiality agreement, and has threatened him with legal action if he breaks it.

The clinical trials data is so secret that he's been told that he must destroy the documents once he's read them, and notify Health Canada in writing that he has done so. And just to concentrate his mind a little, there's this:

The confidentiality agreement also contains an indemnity clause that states Dr. Persaud, at his own cost, shall "save harmless Health Canada from and against all claims," including lawsuits, that arise out of any breach in the agreement.

Against this absurd background, it's easy to forget what we are talkling about here: basic scientific information relating to a drug that is widely taken by pregnant women -- a group where unexpected side-effects can have devastating consequences on the developing foetus. You would think Health Canada would be offering Dr Persaud every possible support for his work:

"I'm trying to find out if the medication is safe and effective and Health Canada is the regulator. So they might actually want to facilitate this sort of research that I am doing. Instead, Health Canada has threatened me with legal action if I share the information."

Persaud says that he is more concerned about the drug's efficacy than its safety, but that's clearly still an important issue, not least because having seen the clinical trials data, he has changed his opinion:

"I've gone on the record questioning how effective the medication was before," he said. "I think it's fair for me to say today that I'm concerned the medication is not effective at all."

Isn't that something fundamental that pregnant women have a right to know before taking the drug in question? And yet the pharmaceutical industry has somehow achieved the astonishing trick of normalizing the practice of withholding vital safety information, and turning national health agencies into enforcers of their data monopolies. As Duff Conacher, coordinator of Democracy Watch, a watchdog on open government, is quoted in the CBC News report as saying:

"Health Canada is setting up a system to silence critics of drug companies and protect big company profits and protect them from accountability, instead of doing what they're supposed to be doing, which is protecting the public from harm," he said.

from the and-it-sucks dept

Last weekend, negotiators finally completed negotiations on the Trans Pacific Partnership (TPP) agreement. However, as we noted, there was no timetable for the release of the text (though some are now saying it may come out next week). Once again, it was ridiculous that the negotiating positions of the various countries was secret all along, and that the whole thing had been done behind closed doors. And to have them not be ready to release the text after completion of the negotiations was even more of a travesty. Wikileaks, however, got hold of the Intellectual Property Chapter and has released it online.

Much of what's in there is (not surprisingly) the same as the previous leaked version, which was from May of this year. The newly leaked version, of course, confirms what New Zealand's announcement had revealed earlier this week: multiple countries caved in so that TPP requires signatories to extend copyright to life plus 70 years -- even though the US itself had been exploring reducing copyright terms (that now won't be allowed). Similarly, it locks in dangerous anti-circumvention rules that have hindered innovation and freedom.

The final report shows that many of the problems we found in the May draft are still in this document. This includes the fact that while the agreement does at least make a nod to the public's rights such as fair use (which it calls "limitations and exceptions") it does so in a ridiculous way. All of the moves to make copyright stricter are mandatory in the TPP. They require signing countries to do things like extend terms and ratchet up punishment. But when it comes to fair use? Then it just says countries should explore the issue:

Each Party shall endeavor to achieve an appropriate balance in its copyright and related
rights system, inter alia by means of limitations or exceptions that are consistent with
Article QQ.G.16, including those for the digital environment, giving due consideration to
legitimate purposes such as, but not limited to: criticism; comment; news reporting;
teaching, scholarship, research, and other similar purposes; and facilitating access to
published works for persons who are blind, visually impaired, or otherwise print disabled.

Shall endeavor? Every other clause is a flat out "shall." But when it comes to fair use it's "eh, maybe consider it." That's ridiculous, given just how important the public's rights are and how things like fair use protect those rights.

There's also the issue of the public domain. As we noted in the May draft, the US and Japan actively opposed including "acknowledging the importance of preserving the public domain" in the section for "Understandings in respect of this Chapter." And it looks like the US won -- as that phrase is no longer in that section -- though there was a compromise. Further down in the document, a new section has been added acknowledging the public domain:

Article QQ.B.x: {Public Domain}

1. The Parties recognize the importance of a rich and accessible public domain.

2. The Parties also acknowledge the importance of informational materials, such as
publicly accessible databases of registered intellectual property rights that assist in the
identification of subject matter that has fallen into the public domain.

That's better than nothing, but it is notable that this is no longer included in the section of "objectives." Because, of course, this document has no objective to celebrate the public domain. The copyright extension terms show that the objective is to destroy the public domain. And, as the EFF notes in its analysis, by moving where this discussion of the public domain occurs, the negotiators made it a happy platitude rather than a required part of any intellectual property policy:

That paragraph on the public domain, for example, used to be much stronger in the first leaked draft, with specific obligations to identify, preserve and promote access to public domain material. All of that has now been lost in favor of a feeble, feel-good platitude that imposes no concrete obligations on the TPP parties whatsoever.

Also, with the May release, we noted that the US and Japan, in particular, opposed any language that allowed for punishment for abusing patents. Australia had proposed some language that said that a country could cancel, revoke or nullify a patent if "the patent is used in a manner determined to be anti-competitive, or abusive..." The US and Japan vehemently opposed this language and guess what is nowhere to be found in the document? You guessed it... The US and Japan also opposed a pretty simple statement that "Each Party may adopt or maintain measures to discourage vexatious or unreasonable proceedings as a result of the use of the exclusive rights of a patent."

And yet, in the final document, the only time "unreasonable" appears is in relation to "unreasonable" delays in granting patents. It really makes you wonder, why is the US so against a simple clause allowing countries to stop the abuse of patents? What possible rationale could they have other than knowing that they're helping companies abuse patents.

It also appears that negotiators did not heed the warnings from KEI and others that the last draft would go against a number of US laws that include exceptions for damages for infringement, including orphan works and sovereign immunity by state governments. In short, this would completely undermine the US's plans for dealing with the orphan works problem, because the TPP requires there be damages for infringement, even as the proposal to solve orphan works is to create an exception for damages if the work is an orphan work and certain conditions have been met.

The good folks at KEI have been listing out many other problems with the final text, some of which we'll explore as well. For example, the TPP says that patents can be available for "new uses of a known product, new methods of using a known product, or new processes of using a known product" which of course can lead to perfectly common products getting extra patent protection and limiting competition, and driving up prices. There is significant concern over this issue in the drug space.

On the question of extra protection for "biologics" (which was apparently the final sticking point), the agreement says 8 years or something that can deliver a "comparable outcome in the market" via "other measures." This is problematic and will drive up healthcare costs and will almost certainly mean that people will die because they can't afford these medicines. Australia had been holding out for five years, but apparently lost. As we noted a few months ago, this also undermines some fundamental principles of science in locking up important data.

The other tidbit that is potentially a big deal is that it appears that the Intellectual Property Chapter may not be subject to the corporate sovereignty chapter, meaning that companies would not be able to make use of the special "ISDS" (investor-state dispute settlement) tribunals to argue that new IP regulations somehow deprived them of expected profits from investment in those countries. If that's true that would be quite interesting, but the details of the corporate sovereignty chapter have not yet leaked...

All in all the document is pretty much what was expected, which means... it's problematic. The USTR should not have negotiated this, as it directly harms the interests of the American public as well as the entire internet sector. Congress should not pass this. This is a bad agreement, which is basically what you'd expect for something negotiated behind closed doors where only large industry lobbyists had full direct access to the text and the negotiators.

To get a sense of where we're going with this, here's a bit from the opening paragraphs of the opinion:

The defendants, Jason Estabrook and Adam Bradley, stand indicted for murder and related crimes arising out of a shooting that took place on July 7, 2012, in Billerica. They moved to suppress evidence of historical CSLI pertaining to Bradley's cellular telephone that the police initially obtained in July, 2012, without a search warrant but in compliance with 18 U.S.C. § 2703 (2006), and then, in November, 2013, reobtained pursuant to a warrant.

The CSLI was sought twice. This is the first sign that something's not quite right. Historical cell site location information doesn't change. That's the thing about history. And yet, the police obtained it twice: once with a subpoena (which was wrong) and once with a warrant (the lawful way to do it).

You see, the Massachusetts courts had already created a bright-line (of sorts) for the acquisition of cell site location data. Under the state's interpretation of its Declaration of Rights, cell site location info carries with it a reasonable expectation of privacy. This status demands the use of a warrant. An earlier decision determined that small amounts (up to six hours) of CSLI can be obtained without a warrant, as the limited time period makes acquisition much less analogous to long-term tracking.

The police knew they could only get six hours of CSLI without a warrant, but they had already grabbed two week's worth using only a subpoena. But the officers had an angle…

In this case, however, because the Commonwealth requested two weeks of historical CSLI, a search warrant was required, even though the Commonwealth proposes to use only six hours of the CSLI as evidence at trial.

That's a very opportunistic reading of the court's intentions. If the police were so inclined, they could subpoena a year's worth of CSLI and trim it down to only the most incriminating six hours of data before presenting it in court. Or they could just go fishing with subpoenas, look over the collected data and see if they could match any six hours of it to an investigation or prosecution.

The court points out the flaw in this logic, which, let's face it, the cops knew all along.

It is important to emphasize that, in terms of reasonable expectation of privacy, the salient consideration is the length of time for which a person's CSLI is requested, not the time covered by the person's CSLI that the Commonwealth ultimately seeks to use as evidence at trial.

The warrant requirement is for the "asking," not the "telling," to put it elementary school terms.

Fortunately for the police, the twice-obtained CSLI didn't harm their case too much. The defense argued that other evidence -- including statements made to the police -- should be suppressed because it originated from tainted CSLI. The court, however, concludes that a great deal of evidence was obtained independently and that only a few moments from various interviews could be traced back to inferences drawn from the cell site location info.

The court also came to the conclusion that the warrant the police sought well after it already had the subpoenaed CSLI in hand was likely legitimate, rather than just a shoddy attempt to cover up its earlier misdeed. Over the course of several paragraphs, the court lists all of the information gathered by officers prior to their issuing of the subpoena and finds it adds up to probable cause that isn't overly-reliant on the already-acquired CSLI info. The court doesn't offer any speculation as to what actually happened here, but rather points out that the CSLI was still lawfully-obtained, and anything stemming from the latter acquisition cannot be suppressed.

While this obtain-twice, admit-once method of cell site evidence acquisition didn't pay off for the criminal defendants, it at least provides another citable example of how far law enforcement agencies are willing to go to bypass the mild logistical hiccup that is obtaining a warrant.

from the urls-we-dig-up dept

"Lots of copies keeps stuff safe" is an archivist mantra for preserving data for a long, long time. It certainly looks like there's no end to the development of data storage. We have magnetic tape (multiple varieties), CDs, DVDs, Blu-ray, HD-DVDs, hard drives, solid state drives and the list goes on and on. Certain industries seem to make money every time there's a shift from, say, LPs to cassettes to CDs (to streaming?), but what happens when everyone can store every song ever recorded in the palm of their hand? Technology isn't there yet, but it might be soon.

from the mistaking-stasis-for-progress dept

After years of not giving a damn and letting the public do its job for it, the FBI is apparently ready to get serious about collecting stats on "police-involved shootings." In a statement released along with the FBI's 2014 Crime Report (tl;dr: most crime down again), FBI director James Comey says the agency will be doing… something… to ensure more comprehensive reporting of citizens killed by police.

[T]o address the ongoing debate about the appropriate use of force by law enforcement, we plan to collect more data about shootings (fatal and nonfatal) between law enforcement and civilians, and to increase reporting overall. Currently, the UCR program collects the number of justifiable homicides reported by police as well as information about the felonious killing and assault of law enforcement officers. These data are available in Crime in the United States and Law Enforcement Officers Killed and Assaulted. As helpful as this information is, however, we need more law enforcement agencies to submit their justifiable homicide data so that we can better understand what is happening across the country. Once we receive this data, we will add a special publication that focuses on law enforcement’s use of force in shooting incidents that will outline facts about what happened, who was involved, the nature of injuries or deaths, and the circumstances behind these incidents. We hope this information will become part of a balanced dialogue in communities and in the media—a dialogue that will help to dispel misperceptions, foster accountability, and promote transparency in how law enforcement personnel relate to the communities they serve.

There's a lot not to like about this statement.

First off, the FBI is only now getting around to "addressing the debate," after doing the bare minimum for the past several years. Currently, the data is "collected" via voluntary reports from law enforcement agencies and is limited to justifiable homicides, and then only those where someone was shot during the commission of a felony. This is why the FBI's yearly totals are, at best, half of what's tallied by private efforts.

Comey's statement basically says nothing's going to change. The collection will still be limited to "justifiable" homicides and will still be voluntary. Comey says he wants more law enforcement agencies to submit data, but there's no directive being issued to force the issue.

If anything's going to mobilize a more complete collection of shooting data, it will likely be new legislation. But the only recent effort towards a more comprehensive database of police-involved killings is languishing in Washington, having gone no further than being assigned to the Senate Judiciary Committee.

If any expanded reporting does result from Comey's announcement, it will still be heavily-skewed in favor of law enforcement agencies and their use of force. Because it will only contain information on homicides deemed to be justified, the report will not provide any further information on unjustified uses of deadly force. This will do nothing to further the conversation on law enforcement use of force, much less increase the level of trust in the communities they serve.

Comey is correct that continuing to serve up incomplete statistics won't result in positive change. But his statement contains nothing that indicates substantive changes in reporting is on the way. The only difference here is that the FBI is finally acknowledging the public's growing disgruntlement with the nation's law enforcement agencies. But Comey's light touch -- designed not to offend his agency's brothers-in-arms -- suggests the only thing he's willing to throw at the problem is a few extra words.

from the the-possibilities-are-endless dept

What started as a quiet evening one recent Saturday ended with a multi-hour visit to my local emergency room.

It was a relatively "vanilla" visit for a suburban ER — I walked away with multiple stitches and a bruised ego. But I received one service I probably didn't need, reminding me we still have a long way to go before the great potential of digitized medical data is realized.

I received a tetanus shot that I'm almost certain was unnecessary. However, all the evidence against getting the shot lay only in my memory. While there are likely several records of my last tetanus shot in multiple, siloed databases, not a single one was within my reach when I needed it most.

Of all people, given my career and the passion I have for the tech sector, I should have been ready for this. In an era when health and medical data are increasingly digitized, my information shortfall that night was easily and entirely avoidable.

"When was your last tetanus shot?" the ER doctor asked me. As I fumbled to recall with exactness the particular date, time and place, he jumped in, "Sounds like it was tonight." Moments later, the nurse strolled in and administered the shot.

I'm almost certain I got a tetanus shot before I went to Nigeria in 2014...or was it when I went to Ethiopia in 2013? Despite my inability to recall the date with precision — surely, it's been in the past 10 years, hasn't it – that information is available somewhere.

My insurance company knows. The clinic or doctor's office where I received the shot surely digitized the details. But that Saturday evening, we weren't able to access any of this digitized information. I'm looking forward to the day, fast-approaching, when that changes.

We're in the midst of a revolution in personal health, thanks in large part to consumers' enthusiasm for wearable fitness activity trackers. Sales of health and fitness trackers continue to rise with an ever-expanding suite of wearables. Health and fitness apps and devices let us capture, collect, manage and better understand our own medical data in unprecedented ways. And when we can control our own health records, we are better informed when we go to the doctor's office or the pharmacy or, in my case, the emergency room.

Technology also enables us to share diagnoses and test results, seek second opinions and shop for less-expensive care. The more information patients have, the more invested we are in our own care — and the better we can serve as a "safety net" for our doctors' potential oversights or lack of information.

Consider the extraordinary case of the woman who served as her family's caregiver when her father was admitted to the hospital unexpectedly. Doctors wanted to give him a blood-thinner drug that their outdated records indicated he was taking. The woman pulled up her father's medical records using an app, BlueButton, which showed that he had been off the blood thinner for two years, so none was administered. Shortly after being discharged from the hospital, the man cut himself badly in a fall. Had he been on that blood thinner, that fall might have resulted in much more serious injuries.

Digital data allows us to take an active role in our health—not just by delivering us the right information, but by allowing us to see where our lifestyle choices influence our health. For example, by tracking the number of steps I take in a day, my sleep and other measures of activity, I can see how going to bed thirty minutes later than normal impacts my activity level on the following day.

And data will fundamentally change doctor-patient relationship, too. Today's doctor assessment largely relies on the same approach that has been used for hundreds of years – the doctor asks the patient questions in an attempt to pinpoint the problem by intersecting the answers with her or his own knowledge and experience.

Of course, this type of discovery is fraught with imperfections – our brains are analog and we forget the particulars of our health history. But good digital data never lies. As more of our health data is captured, stored and shared, doctors will become more efficient, our health care system will get better and we will be healthier.

In the ER down the street, with me sitting on a sterilized bed in a sterilized room on an otherwise quiet Saturday night, a doctor, a nurse and a patient could have changed analog behavior — if only we had had access to digitized information.

from the i-see-you dept

There has always been a strong emphasis in educational institutions on stopping cheating. All of this hand-wringing makes sense to a point, of course. With the advent of technological progress, however, two separate roads appear to be heading to a cross: the use of technology to stop cheaters and the question of just how we're going to define cheating as information becomes more widely searchable and available. For the latter, I'm very much in favor of judging students on their ability to find answers and create interesting solutions compared with the originality of their responses. As the saying goes, it's not what you think that's most important, but how you think. As to the former, it seems we can't go a single story about schools using technology to police any aspect of their students without finding some failing in its implementation.

Verificient Technologies, the company behind the student-monitoring, anti-cheating software ProctorTrack, has not communicated to Rutgers students what the company has done with their personal data.

As we reported, ProctorTrack uses remote-monitoring technology to collect audio, video, and document the web activity of students as they take the exam. The software also scans the ID, face and knuckles of the student, and takes a voice sample. But complaints from students suggest that Verificient has not sent out any notification about the status of their data.

Notifications that Verificient was contract-bound to supply to students upon the purging of the data it collected on them. The way this was supposed to work was that all student monitoring data would be deleted from the primary servers after 90 days, with a notice to students, and then deleted form the backup servers 30 days after that, with another notice to students. Aiding in the confusion is that Rutgers had initially told students the purges would occur within 30 days of the test, back when the school had only a verbal agreement with Verificient, as did the company on its website in what it called its "privacy pledge." That pledge appears to have been violated in the name of "we can change our promise whenever the hell we feel like it" corporate provisions.

But the company's privacy policy at the time of the blog post stated that it could unilaterally amend its policies at any time, and that student data could be disclosed to third party service providers or in the event of a bankruptcy or company merger. But the contract singed in August provided for a longer time frame to delete data, and notify students: 90 days.

According to the contract, which actually went into effect seven months before it was signed, students who used the software during the spring 2015 semester should have received email notifications that their proctoring data had been permanently deleted from the servers.

But they didn't get those emails and students are now rightly pissed off at not knowing what the hell is going on with their personal, audio, and video data. Were this about monitoring web-browsing during tests, it would be bad enough, but we're talking about intrusive audio/video data on students and the company handling that information couldn't be bothered to follow its own post-redefinition pledge of privacy notifications. And, it should be noted, Rutgers students themselves had to pay $32 for the privilege of using this software.

from the and-that's-a-fact dept

Last week, we wrote that among the final obstacles to completing the TPP agreement was the issue of enhanced protection for drugs. More specifically, the fight is over an important new class of medicines called "biologics," which are produced from living organisms, and tend to be more complex and expensive to devise. The Conversation has a good feature looking at this issue in more detail. The central problem with biologics in TPP is "data exclusivity," which the article explains as follows:

Data exclusivity refers to the protection of clinical trial data submitted to regulatory agencies from use by competitors. It's a different type of monopoly protection to patents. While a product is covered by data exclusivity, manufacturers of cheaper follow-on versions of the product can't rely on the clinical trial data produced by the originator of the drug to support the marketing approval of their product.

Section 25a of Australia's Therapeutic Goods Act provides for five years of data exclusivity for all medicines. It makes no distinction between biologics and other drugs. Data exclusivity provides an absolute monopoly that, unlike a patent, can't be revoked or challenged in court.

As that makes clear, data exclusivity is a kind of super-patent in that it can't be challenged or revoked: if a drug company has run clinical trials to establish the safety of its new drug, it has an absolute and irrevocable monopoly on the use of that data -- for five years in the case of Australia, Chile, Singapore and New Zealand. This is obviously an incredibly powerful form of monopoly, so perhaps it's no surprise that US pharmaceutical companies want TPP to require signatories to grant an even longer period -- 12 years of data exclusivity -- for biologics.

That's useful for them, because even after drug patents have expired, and generic manufacturers can theoretically offer the same products without paying licensing fees, there remains the barrier of clinical testing. If the generic manufacturers can't point to the original clinical trials as proof that the drug is safe, they will need to carry out their own, which will take time and cost money. In practice, they are more likely to wait until the period of data exclusivity is over, effectively extending the original manufacturer's monopoly beyond that provided by patents alone.

So what? You might ask. Surely it's only fair that generic manufacturers cannot piggy-back on the work of the original drug companies? Although that argument sounds plausible, it overlooks the fact that what clinical trials produce is safety data about a drug, which is simply a certain kind of scientific fact concerning a particular complex compound, as unchanging as all its other features. It is not something that depends on the ingenuity of the person measuring it, because it represents intrinsic information about a substance. Granting data exclusivity is thus nothing less than giving a monopoly on knowledge itself, since it forbids any other company from being able to use that newly-established scientific fact.

That is a profoundly retrogressive step. Although dressed up in terms of fairness and recouping investments, the very notion of data exclusivity is an attack on the key idea that no one can own a scientific fact, and that science advances by building on existing knowledge. Arguments about whether the length of that monopoly should be five, eight or even twelve years, are not just pointless, they are pernicious, because any of them would lock the TPP countries into a system that allows basic facts to be owned, and would forbid them from exiting from it. The only acceptable length for data exclusivity is zero years; anything longer turns TPP into an attack on science itself.

Unfortunately, the data included does not include images of the artwork, which would have been a much more impressive move. Also, on the Github page, there is a list of "usage guidelines" which includes lines such as saying if you modify the dataset "you must make it clear that the resulting dataset has been modified by you." Of course, that's not actually required. Most of the other "guidelines" are more in the form of a request -- which is fine -- rather than a command. Of course, it's not even clear if the data in the dataset even could be covered by copyright, as most of it appears to be factual data (names of projects, dates, sizes, etc.) which would be akin to a phone book -- whose data are decidedly not covered by copyright.

So, yes, it's always great to see more people embracing the public domain, and it's unquestionably great that MoMA is releasing all this data in an easily accessible format without restrictions. But it could still go even further. Hopefully we'll soon reach an age when this kind of thing is just standard operating procedure, rather than it being considered a big thing to release some datasets to the public to use.

from the another-day,-another-problem dept

Uber appears to be a company that just can't get out of the way of controversy. The week actually started out good for the company with New York announcing that Uber drivers were clearly contractors rather than employees (unlike a California labor commission ruling that went the other way). However, on Wednesday afternoon an administrative judge in California declared that the company's services should be suspended statewide for supposedly refusing to provide data that it's required to provide under a 2013 law that helped "legalize" the service (that was already widely in use at the time).

Uber, for its part, insists that it delivered the necessary info and promises to appeal the ruling (which also includes a $7.3 million fine, which is pocket change for the company right now). It also appears to hint that the information that the Public Utilities Commission is seeking would actually violate the company's privacy policies.

In a statement, an Uber spokeswoman called the decision "deeply disappointing."

"We will appeal the decision as Uber has already provided substantial amounts of data to the California Public Utilities Commission, information we have provided elsewhere with no complaints," spokeswoman Laura Zapata said. "Going further risks compromising the privacy of individual riders as well as driver-partners."

The details seem to involve what kinds of data Uber was supposed to turn over, including specifics about requests from users with service animals or wheelchairs. Uber apparently didn't have the ability to track that information in the past, though it does now. On the flip side, the California PUC argues that companies in the space were given a year to comply, and thus Uber had plenty of time to make sure it was compliant and failed to do so.

As part of the 2013 law that legalized ride-hailing in California, companies are required to prepare an annual report with data about rides provided through the app.

Uber's 2014 report did not include hard numbers on customers who requested cars to accommodate service animals or wheelchairs, nor how often those requests were fulfilled, the judge said. The company also didn't provide raw numbers on requests for rides tabulated by ZIP Code, and how many of those rides were fulfilled, instead providing “aggregates, averages and percentages,” and a heat map showing which ZIP Codes generally saw the most requests.

Uber also failed to submit complete information on drivers who have been suspended or committed a violation, the judge said. The company did not provide the “cause of the incident reported,” or the amount paid out by any insurance company other than Uber's.

It would appear that the company and its lawyers are going to remain rather busy for the foreseeable future. It is, frankly, somewhat surprising that Uber didn't do more to comply with these requests, even if it disagrees with need to hand over such information. Not fully complying was always going to end badly. There may be legitimate privacy arguments for Uber to make here, but it doesn't seem like playing games with the CPUC is the best way to make that point.